fe6a7c0a2182b291b60041be502a9784554bd2264d48976f17dc5d4904f65ba3 | Triage

Analysis

max time kernel
90s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 15:30 UTC

Sharing

Report Analysis Logs

General

Target

ffmpeg.dll
Size

2.8MB
MD5

dc58f38055a1ccd9d00c9b3b004bf191
SHA1

8d1725632ec0725d6b42898cc1c977b85e1bd63d
SHA256

da6d1af6d27b453b4bc126e085a1e51cf0826b9156b37f26c553dd0370a44ea2
SHA512

807026560b4b561057b52d6050b969750e46674490d8ef687e6bce80433371f03f5acc5903290c2e8fa3305ca4907b46358d75e6c8f86e51fab5d943cb1e3890
SSDEEP

49152:rF5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQfSCu:rFvSkJXv+tiLAD0+DfS5

Score

1^/10

Malware Config

Signatures

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
1⤵
PID:3100

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

178.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.61.62.23.in-addr.arpa

IN PTR

Response

178.61.62.23.in-addr.arpa

IN PTR

a23-62-61-178deploystaticakamaitechnologiescom
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

248.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.143.123.92.in-addr.arpa

IN PTR

Response

248.143.123.92.in-addr.arpa

IN PTR

a92-123-143-248deploystaticakamaitechnologiescom
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response

204.79.197.237:443

g.bing.com

tls

2.5kB
9.0kB
20
17
23.62.61.178:443

www.bing.com

tls

1.4kB
5.3kB
16
11
23.62.61.178:443

www.bing.com

tls

1.6kB
6.8kB
17
13
52.111.227.14:443

322 B
7

8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

178.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

178.61.62.23.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

248.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

248.143.123.92.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads